I couldn't get either anti-virus program to install when I downloaded them, just as an FYI. Here is the first log, log.txt, from RSIT.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Barbra O'Mara at 2009-08-11 09:28:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (48%) free of 38 GB
Total RAM: 351 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:55 AM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winntdu.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvtmlvu.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winhjto.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winqkorw.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winseites.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\iawhqc.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jmoyxk.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\bwmsd.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\yytpyu.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wghi.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\ctsdf.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winpcbgy.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wincmnv.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\gubycq.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\yqruwa.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingrfad.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingxmls.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winjhth.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyngon.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winrlmyk.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\poty.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wineuejan.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\slxgs.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winjweu.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winsrjnck.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wfrirb.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvbne.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winryidei.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvyyglo.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\fjjbhk.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxspqg.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\upaglq.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winnrcsl.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\ucxqox.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winukeado.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\bvpnkp.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\juwj.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wdenmr.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tjlsh.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\hsuy.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winmmjxd.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxjlok.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winqyito.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winryrm.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winudrpw.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winavkjbu.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jght.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winuoltt.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wtqqc.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\lpqyhl.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winnyslxt.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\gmnls.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyskaa.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyebks.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\prcji.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winrmkc.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wrvdea.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winjnnyuf.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winlgopw.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\myno.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wvbcpj.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\imrux.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\xywica.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\fcickg.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\windewj.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\lpcbp.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxnndk.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wincornlf.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxbwrp.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\xifwaf.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winskqrl.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\windoyohf.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winqaogo.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winlgcq.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxqqfwc.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winlqbm.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winpwrfim.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winuofr.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\kjafr.exe
C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfkven.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Barbra O'Mara\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Barbra O'Mara.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customi ... ch/ie.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sbc.yahoo.com/dslR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customi ... ch/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customi ... .yahoo.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 10645 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-23 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-15 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-28 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-28 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-28 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-23 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-09 134656]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2002-07-09 167936]
"Motive SmartBridge"=C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe [2003-12-10 380928]
"PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE /APPLY []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 128568]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-28 230808]
"cwcptray"=C:\Program Files\ContentWatch\Internet Protection\cwtray.exe [2009-04-25 422208]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2008-05-07 110592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1768960]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-08-18 380928]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-24 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor]
C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe [2003-06-18 466944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1768960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
C:\WINDOWS\system32\pctspk.exe [2002-07-09 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\System32\keyhook.exe [2004-02-27 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-02-09 134656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 103424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\QV\QVLIB2\QVLIB.EXE"="C:\QV\QVLIB2\QVLIB.EXE:*:Enabled:QVLIB MFC Application. The QuickVerse Library is a STEP-compatible program used to enhance Bible study and general research."
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\nwnq.pif"="E:\nwnq.pif:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\lrlu.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\lrlu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\erfan.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\erfan.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winieomv.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winieomv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tsenw.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tsenw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tbwsgn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tbwsgn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tmjl.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\tmjl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jalri.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jalri.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\badga.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\badga.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\axqwo.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\axqwo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winygqalg.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winygqalg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winwndexf.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winwndexf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingcmawq.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingcmawq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mrtj.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mrtj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\kfevt.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\kfevt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\juee.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\juee.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winimynpc.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winimynpc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\fgqmrk.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\fgqmrk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jeuiag.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jeuiag.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\doakdv.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\doakdv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingyql.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingyql.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\lpoe.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\lpoe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\eteva.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\eteva.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfkqnps.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfkqnps.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winftpk.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winftpk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jqmo.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jqmo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wincfhuny.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wincfhuny.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxeskfj.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxeskfj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mgbm.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mgbm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\windaxrn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\windaxrn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\nnvw.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\nnvw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\rxncq.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\rxncq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\bfnhqn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\bfnhqn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winaldn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winaldn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\vhfrhp.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\vhfrhp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winwcpqjn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winwcpqjn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winkjxdvi.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winkjxdvi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wjyyi.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wjyyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winburnr.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winburnr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\qcxua.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\qcxua.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winobicfn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winobicfn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winofqm.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winofqm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingdtdj.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingdtdj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvsdn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvsdn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\hsjv.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\hsjv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfltxng.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfltxng.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\xfcgcu.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\xfcgcu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\nwia.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\nwia.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyxnr.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyxnr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\skorm.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\skorm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\vgexms.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\vgexms.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winhndupg.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winhndupg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvevmfl.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvevmfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jfyh.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jfyh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxpnvko.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winxpnvko.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\hjaqnm.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\hjaqnm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\prnmdl.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\prnmdl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\diqh.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\diqh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mwuesg.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mwuesg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winferdb.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winferdb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\snly.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\snly.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winmqbm.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winmqbm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\uabkh.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\uabkh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mfla.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\mfla.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winilgk.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winilgk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\emlk.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\emlk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winkpnbk.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winkpnbk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winsoei.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winsoei.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\ajulb.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\ajulb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingawo.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wingawo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winpkci.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winpkci.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvbppot.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winvbppot.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winymmwfr.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winymmwfr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\kjnqtn.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\kjnqtn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winlogxtb.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winlogxtb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winqitri.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winqitri.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\looajr.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\looajr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winctrmtt.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winctrmtt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\erncu.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\erncu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfrkxj.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winfrkxj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winanphsb.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winanphsb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winwvhwyx.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winwvhwyx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\axqmu.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\axqmu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winnkplkb.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winnkplkb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winieumo.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winieumo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyrequ.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winyrequ.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winillsu.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winillsu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winibcbq.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winibcbq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jyflde.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\jyflde.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\viilgh.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\viilgh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winpbtolu.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winpbtolu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winiqndfv.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\winiqndfv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wincmcepg.exe"="C:\DOCUME~1\BARBRA~1\LOCALS~1\Temp\wincmcepg.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a82e7f8-d1b7-11db-b084-00115b4491db}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{592d2d72-70ca-11de-b21e-00115b4491db}]
shell\autopLAy\command - E:\pvpdh.cmd
shell\AutoRun\command - E:\pvpdh.cmd
shell\explorE\command - E:\pvpdh.cmd
shell\OpEn\command - E:\pvpdh.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ea42cca-3529-11da-af28-00115b4491db}]
shell\aUtOplAY\command - E:\nwnq.pif
shell\AutoRun\command - E:\nwnq.pif
shell\eXploRe\command - E:\nwnq.pif
shell\opeN\command - E:\nwnq.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43310ea-d552-11db-b08a-00115b4491db}]
shell\AutoRun\command - E:\LaunchU3.exe
======File associations======
.reg - edit -
.reg - open - regedit.exe %1
======List of files/folders created in the last 1 months======
2009-08-11 09:28:30 ----D---- C:\rsit
2009-07-31 14:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-07-31 14:17:03 ----D---- C:\Program Files\Security Task Manager
2009-07-31 14:06:38 ----D---- C:\Program Files\Trend Micro
2009-07-31 11:58:43 ----AH---- C:\aaw7boot.cmd
2009-07-30 15:21:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-30 15:20:28 ----D---- C:\Program Files\Trojan Remover
2009-07-29 19:52:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-29 19:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-29 19:40:42 ----D---- C:\WINDOWS\ie8updates
2009-07-29 19:38:27 ----HDC---- C:\WINDOWS\ie8
2009-07-29 16:41:47 ----RA---- C:\WINDOWS\system32\HP2030SM.EXE
2009-07-29 16:41:47 ----A---- C:\WINDOWS\system32\zjbig.dll
2009-07-29 16:41:47 ----A---- C:\WINDOWS\system32\hpsfs.dll
2009-07-29 16:41:47 ----A---- C:\WINDOWS\system32\HPMCoSetup.dll
2009-07-29 16:41:47 ----A---- C:\WINDOWS\system32\HP2030LM.DLL
2009-07-29 16:39:37 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2009-07-29 16:33:19 ----RA---- C:\WINDOWS\atprs.exe
2009-07-29 16:26:28 ----SHD---- C:\WINDOWS\ftpcache
2009-07-17 12:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 12:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 12:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
======List of files/folders modified in the last 1 months======
2009-08-11 09:28:22 ----D---- C:\WINDOWS\Prefetch
2009-08-11 09:25:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-11 09:23:11 ----D---- C:\Program Files\Mozilla Firefox
2009-08-09 08:53:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 08:52:32 ----D---- C:\WINDOWS\Temp
2009-08-09 08:52:29 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 08:52:21 ----A---- C:\WINDOWS\ModemLog_HSP56 MR.txt
2009-08-09 08:51:51 ----RD---- C:\Program Files
2009-08-09 08:51:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-09 08:45:25 ----HD---- C:\Config.Msi
2009-08-09 08:43:05 ----SHD---- C:\WINDOWS\Installer
2009-08-09 08:42:43 ----SD---- C:\WINDOWS\Tasks
2009-08-09 08:42:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-09 08:42:43 ----HD---- C:\WINDOWS\inf
2009-08-09 08:30:49 ----D---- C:\WINDOWS\system32
2009-07-29 20:07:04 ----D---- C:\WINDOWS
2009-07-29 19:55:30 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 19:55:30 ----D---- C:\WINDOWS\Media
2009-07-29 19:55:30 ----D---- C:\WINDOWS\Help
2009-07-29 19:55:30 ----D---- C:\Program Files\Internet Explorer
2009-07-29 19:51:06 ----D---- C:\WINDOWS\WinSxS
2009-07-29 19:41:49 ----D---- C:\WINDOWS\ie7updates
2009-07-29 19:41:18 ----A---- C:\WINDOWS\imsins.BAK
2009-07-29 19:40:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 17:40:53 ----RSD---- C:\WINDOWS\assembly
2009-07-29 17:40:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-29 17:17:24 ----D---- C:\WINDOWS\Registration
2009-07-29 16:39:37 ----D---- C:\Program Files\HP
2009-07-29 16:39:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-29 16:33:15 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-07-21 10:04:49 ----D---- C:\Documents and Settings\Barbra O'Mara\Application Data\Image Zone Express
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-14 19:03:34 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2004-02-26 11648]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-03-31 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-03-31 55936]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-18 610988]
R3 dac970nt;dac970nt; \??\C:\WINDOWS\system32\drivers\.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2002-07-08 131676]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-02-26 436608]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-20 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-20 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-20 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WINFLASH;WINFLASH; \??\I:\BIOS WinFlash\AWARD-WINFLASH\WinFlash.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CwAltaService20;ContentWatch; C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe [2009-04-25 1288512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-28 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 256496]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 573440]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 101888]
-----------------EOF-----------------